A blog covering security and security technology.
  1. Pegasus Spyware Used in 45 Countries

    Citizen Lab has published a new report about the Pegasus spyware. From a ZDNet article: The malware, known as Pegasus (or Trident), was created by Israeli cyber-security firm NSO Group and has been around for at least three years -- when it was first detailed in a report over the summer of 2016. The malware can operate on both Android...
  2. Public Shaming of Companies for Bad Security

    Troy Hunt makes some good points, with good examples....
  3. NSA Attacks Against Virtual Private Networks

    A 2006 document from the Snowden archives outlines successful NSA operations against "a number of "high potential" virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems." It's hard to believe that many of the Snowden documents are now more than a decade old....
  4. Friday Squid Blogging: Dissecting a Giant Squid

    Lessons learned. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here....
  5. Click Here to Kill Everybody Reviews and Press Mentions

    It's impossible to know all the details, but my latest book seems to be selling well. Initial reviews have been really positive: Boing Boing, Financial Times, Harris Online, Kirkus Reviews, Nature, Politico, and Virus Bulletin. I've also done a bunch of interviews -- either written or radio/podcast -- including the Washington Post, a Reddit AMA, "The 1A " on NPR,...
  6. Quantum Computing and Cryptography

    Quantum computing is a new way of computing -- one that could allow humankind to perform computations that are simply impossible using today's computing technologies. It allows for very fast searching, something that would break some of the encryption algorithms we use today. And it allows us to easily factor large numbers, something that would break the RSA cryptosystem for...
  7. Security Risks of Government Hacking

    Some of us -- myself included -- have proposed lawful government hacking as an alternative to backdoors. A new report from the Center of Internet and Society looks at the security risks of allowing government hacking. They include: Disincentive for vulnerability disclosure Cultivation of a market for surveillance tools Attackers co-opt hacking tools over which governments have lost control Attackers...
  8. Security Vulnerability in Smart Electric Outlets

    A security vulnerability in Belkin's Wemo Insight "smartplugs" allows hackers to not only take over the plug, but use it as a jumping-off point to attack everything else on the network. From the Register: The bug underscores the primary risk posed by IoT devices and connected appliances. Because they are commonly built by bolting on network connectivity to existing appliances,...
  9. Using Hacked IoT Devices to Disrupt the Power Grid

    This is really interesting research: "BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid": Abstract: We demonstrate that an Internet of Things (IoT) botnet of high wattage devices -- such as air conditioners and heaters -- gives a unique ability to adversaries to launch large-scale coordinated attacks on the power grid. In particular, we reveal a new...
  10. Friday Squid Blogging: 100-kg Squid Caught Off the Coast of Madeira

    News. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here....

Copyright © 2018 • All Rights Reserved.Simple Systems of Vermont LLC
1 High Street • Brandon, VT 05733 • Contact Us